Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / b63aa5e1e9261378b698f3f101e761584851f9e3 / . / openpower / ext_interfaces / test_vmicert_management.robot
blob: 0065b4d21d36f89a5176e30a666967dc5954acab [file] [log] [blame]
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]1*** Settings ***
2
3Documentation VMI certificate exchange tests.
4
shrsuman1235fc20cb2021-02-02 04:55:47 -0600[diff] [blame]5Library ../../lib/jobs_processing.py
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]6Resource ../../lib/resource.robot
7Resource ../../lib/bmc_redfish_resource.robot
8Resource ../../lib/openbmc_ffdc.robot
9Resource ../../lib/bmc_redfish_utils.robot
10Resource ../../lib/utils.robot
11
12Suite Setup Suite Setup Execution
13Test Teardown FFDC On Test Case Fail
14Suite Teardown Suite Teardown Execution
15
16
17*** Variables ***
18
19# users User Name password
20@{ADMIN} admin_user TestPwd123
21@{OPERATOR} operator_user TestPwd123
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]22@{ReadOnly} readonly_user TestPwd123
23@{NoAccess} noaccess_user TestPwd123
24&{USERS} Administrator=${ADMIN} Operator=${OPERATOR} ReadOnly=${ReadOnly}
25... NoAccess=${NoAccess}
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]26${VMI_BASE_URI} /ibm/v1/
shrsuman1235fc20cb2021-02-02 04:55:47 -0600[diff] [blame]27
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]28
29*** Test Cases ***
30
31Get CSR Request Signed By VMI And Verify
32 [Documentation] Get CSR request signed by VMI using different user roles and verify.
33 [Tags] Get_CSR_Request_Signed_By_VMI_And_Verify
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]34 [Setup] Redfish Power On
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]35 [Template] Get Certificate Signed By VMI
36
37 # username password force_create valid_csr valid_status_code
38 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]39
40 # Send CSR request from operator user.
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]41 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
42
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]43 # Send CSR request from ReadOnly user.
44 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
45
46 # Send CSR request from NoAccess user.
47 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
48
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]49
50Get Root Certificate Using Different Privilege Users Roles
51 [Documentation] Get root certificate using different users.
52 [Tags] Get_Root_Certificate_Using_Different_Users
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]53 [Setup] Redfish Power On
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]54 [Template] Get Root Certificate
55
56 # username password force_create valid_csr valid_status_code
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]57 # Request root certificate from admin user.
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]58 admin_user TestPwd123 ${True} ${True} ${HTTP_OK}
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]59
60 # Request root certificate from operator user.
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]61 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
62
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]63 # Request root certificate from ReadOnly user.
64 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
65
66 # Request root certificate from NoAccess user.
67 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
68
69
70Send CSR Request When VMI Is Off And Verify
71 [Documentation] Send CSR signing request to VMI when it is off and expect an error.
72 [Tags] Get_CSR_Request_When_VMI_Is_Off_And_verify
73 [Setup] Redfish Power Off
74 [Template] Get Certificate Signed By VMI
75
76 # username password force_create valid_csr valid_status_code
77 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_INTERNAL_SERVER_ERROR}
78
79 # Send CSR request from operator user.
shrsuman1233f70a6a2021-04-08 04:48:07 -0500[diff] [blame]80 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]81
82 # Send CSR request from ReadOnly user.
shrsuman1233f70a6a2021-04-08 04:48:07 -0500[diff] [blame]83 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]84
85 # Send CSR request from NoAccess user.
shrsuman1233f70a6a2021-04-08 04:48:07 -0500[diff] [blame]86 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]87
shrsuman1231b1c2a42020-11-02 23:02:30 -0600[diff] [blame]88Get Corrupted CSR Request Signed By VMI And Verify
89 [Documentation] Send corrupted CSR for signing and expect an error.
90 [Tags] Get_Corrupted_CSR_Request_Signed_By_VMI_And_Verify
91 [Setup] Redfish Power On
92 [Template] Get Certificate Signed By VMI
93
94 # username password force_create valid_csr valid_status_code
95 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
96
97 # Send CSR request from operator user.
98 operator_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN}
99
100 # Send CSR request from ReadOnly user.
101 readonly_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN}
102
103 # Send CSR request from NoAccess user.
104 noaccess_user TestPwd123 ${False} ${False} ${HTTP_FORBIDDEN}
105
shrsuman12368bdcae2021-01-18 00:38:25 -0600[diff] [blame]106Get Root Certificate When VMI Is Off And Verify
107 [Documentation] Get root certificate when vmi is off and verify.
108 [Tags] Get_Root_Certificate_When_VMI_Is_Off_And_Verify
109 [Setup] Redfish Power Off
110 [Template] Get Root Certificate
shrsuman1231b1c2a42020-11-02 23:02:30 -0600[diff] [blame]111
shrsuman12368bdcae2021-01-18 00:38:25 -0600[diff] [blame]112 # username password force_create valid_csr valid_status_code
113 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
114
115 # Request root certificate from operator user.
116 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
117
118 # Request root certificate from ReadOnly user.
119 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
120
121 # Request root certificate from NoAccess user.
122 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
123
124
125Get Root Certificate After BMC Reboot And Verify
126 [Documentation] Get root certificate after bmc reboot and verify.
127 [Tags] Get_Root_Certificate_After_BMC_Reboot_And_Verify
128 [Setup] Run Keywords OBMC Reboot (off) AND Redfish Power On
129 [Template] Get Root Certificate
130
131 # username password force_create valid_csr valid_status_code
132 ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
133
134 # Request root certificate from operator user.
135 operator_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
136
137 # Request root certificate from ReadOnly user.
138 readonly_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
139
140 # Request root certificate from NoAccess user.
141 noaccess_user TestPwd123 ${False} ${True} ${HTTP_FORBIDDEN}
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]142
shrsuman1235fc20cb2021-02-02 04:55:47 -0600[diff] [blame]143Get Concurrent Root Certificate Requests From Multiple Admin Users
144 [Documentation] Get multiple concurrent root certificate requests from multiple admins
145 ... and verify no errors.
146 [Tags] Get_Concurrent_Root_Certificate_Requests_From_Multiple_Admin_Users
147
148 FOR ${i} IN RANGE ${5}
149 ${dict}= Execute Process Multi Keyword ${5}
150 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
151 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
152 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
153 Dictionary Should Not Contain Value ${dict} False
154 ... msg=One or more operations has failed.
155 END
156
157Get Concurrent CSR Requests From Multiple Admin Users
158 [Documentation] Get multiple concurrent csr requests from multiple admins and verify no errors.
159 [Tags] Get_Concurrent_CSR_Requests_From_Multiple_Admin_Users
160
161 FOR ${i} IN RANGE ${5}
162 ${dict}= Execute Process Multi Keyword ${5}
163 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
164 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
165 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
166 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
167 Dictionary Should Not Contain Value ${dict} False
168 ... msg=One or more operations has failed.
169 END
170
171Get Concurrent Corrupted CSR Requests From Multiple Admin Users
172 [Documentation] Get multiple concurrent corrupted csr requests from multiple admins and verify no errors.
173 [Tags] Get_Concurrent_Corrupted_CSR_Requests_From_Multiple_Admin_Users
174
175 FOR ${i} IN RANGE ${5}
176 ${dict}= Execute Process Multi Keyword ${5}
177 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
178 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
179 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
180 Dictionary Should Not Contain Value ${dict} False
181 ... msg=One or more operations has failed.
182 END
183
shrsuman12382a9a312021-03-26 05:34:32 -0500[diff] [blame]184Get Concurrent Root Certificate Request From Operator Users
185 [Documentation] Get multiple concurrent root certificate from non admin users and verify no errors.
186 [Tags] Get_Concurrent_Root_Certificate_Request_From_Operator_Users
187
188 FOR ${i} IN RANGE ${5}
189 ${dict}= Execute Process Multi Keyword ${5}
190 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
191 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
192 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
193 Dictionary Should Not Contain Value ${dict} False
194 ... msg=One or more operations has failed.
195 END
196
197Get Concurrent Root Certificate Request From Admin And Non Admin Users
198 [Documentation] Get multiple concurrent root certificate from admin and non admin users
199 ... and verify no errors.
200 [Tags] Get_Concurrent_Root_Certificate_Request_From_Admin_And_Non_Admin_Users
201
202 FOR ${i} IN RANGE ${5}
203 ${dict}= Execute Process Multi Keyword ${5}
204 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
205 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
206 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
207 Dictionary Should Not Contain Value ${dict} False
208 ... msg=One or more operations has failed.
209 END
210
211Get Concurrent Root Certificate Request From Different Non Admin Users
212 [Documentation] Get multiple concurrent root certificate from different non admin users
213 ... and verify no errors.
214 [Tags] Get_Concurrent_Root_Certificate_Request_From_Different_Non_Admin_Users
215
216 FOR ${i} IN RANGE ${5}
217 ${dict}= Execute Process Multi Keyword ${5}
218 ... Get Root Certificate operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
219 ... Get Root Certificate readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
220 ... Get Root Certificate noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
221 Dictionary Should Not Contain Value ${dict} False
222 ... msg=One or more operations has failed.
223 END
224
225Get Concurrent CSR Request From Operator Users
226 [Documentation] Get multiple concurrent csr request from non admin users and verify no errors.
227 [Tags] Get_Concurrent_CSR_Request_From_Operator_Users
228
229 FOR ${i} IN RANGE ${5}
230 ${dict}= Execute Process Multi Keyword ${5}
231 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
232 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
233 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
234 Dictionary Should Not Contain Value ${dict} False
235 ... msg=One or more operations has failed.
236 END
237
shrsuman12394b36572021-03-10 03:15:53 -0600[diff] [blame]238Get Root Certificate And Send CSR Request Concurrently And Verify
239 [Documentation] Get root certificate and send csr request concurrently and
240 ... verify gets root and signed certificate.
241 [Tags] Get_Root_Certificate_And_Send_CSR_Request_Concurrently_And_Verify
242
243 FOR ${i} IN RANGE ${5}
244 ${dict}= Execute Process Multi Keyword ${5}
245 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
246 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
247 Dictionary Should Not Contain Value ${dict} False
248 ... msg=One or more operations has failed.
249 END
250
251Get Concurrent Root Certificate And Send CSR Request And Verify
252 [Documentation] Get concurrent root certificate and send csr request
253 ... and verify gets root certificate and signed certificate.
254 [Tags] Get_Concurrent_Root_Certificate_And_Send_CSR_Request_And_Verify
255
256 FOR ${i} IN RANGE ${5}
257 ${dict}= Execute Process Multi Keyword ${5}
258 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
259 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
260 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
261 Dictionary Should Not Contain Value ${dict} False
262 ... msg=One or more operations has failed.
263 END
264
265Get Root Certificate And Send Multiple CSR Requests Concurrently And Verify
266 [Documentation] Get root certificate and send multiple csr requests concurrently and
267 ... verify gets root certificate and signed certificates.
268 [Tags] Get_Root_Certificate_And_Send_Multiple_CSR_Requests_Concurrently_And_Verify
269
270 FOR ${i} IN RANGE ${5}
271 ${dict}= Execute Process Multi Keyword ${5}
272 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
273 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
274 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
275 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
276 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
277 Dictionary Should Not Contain Value ${dict} False
278 ... msg=One or more operations has failed.
279 END
280
281Get Root Certificate And Send Multiple Corrupted CSR Requests Concurrently And Verify
282 [Documentation] Get root certificate and send multiple corrupted csr requests concurrently and
283 ... verify gets root certificate and error for corrupted csr requests.
284 [Tags] Get_Root_Certificate_And_Send_Multiple_Corrupted_CSR_Requests_Concurrently_And_Verify
285
286 FOR ${i} IN RANGE ${5}
287 ${dict}= Execute Process Multi Keyword ${5}
288 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
289 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
290 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
291 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
292 Dictionary Should Not Contain Value ${dict} False
293 ... msg=One or more operations has failed.
294 END
295
shrsuman123b63aa5e2021-04-12 06:20:18 -0500[diff] [blame^]296Send Concurrent CSR Request And Corrupted CSR Request And Verify
297 [Documentation] Send concurrent csr request and corrupted csr request
298 ... and verify gets certificate for valid csr and error for corrupted csr.
299 [Tags] Send_Concurrent_CSR_Request_And_Corrupted_CSR_Request_And_Verify
300
301 FOR ${i} IN RANGE ${5}
302 ${dict}= Execute Process Multi Keyword ${5}
303 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
304 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
305 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
306 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
307 Dictionary Should Not Contain Value ${dict} False
308 ... msg=One or more operations has failed.
309 END
310
311Get Root Certificate Send CSR And Corrupted CSR Request Concurrently And Verify
312 [Documentation] Get root certificate send csr and corrupted csr requests concurrently and
313 ... verify gets root certificate and certificate for valid csr and error for corrupted csr.
314 [Tags] Get_Root_Certificate_Send_CSR_And_Corrupted_CSR_Request_Concurrently_And_Verify
315
316 FOR ${i} IN RANGE ${5}
317 ${dict}= Execute Process Multi Keyword ${5}
318 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
319 ... Get Root Certificate ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
320 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
321 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${False} ${HTTP_INTERNAL_SERVER_ERROR}
322 Dictionary Should Not Contain Value ${dict} False
323 ... msg=One or more operations has failed.
324 END
325
326Send Concurrent CSR Request From Admin And Non Admin Users And Verify
327 [Documentation] Send concurrent csr requests from admin and non-admin users and verify
328 ... admin gets certificate and non-admin gets error.
329 [Tags] Send_Concurrent_CSR_Request_From_Admin_And_Non_Admin_Users_And_Verify
330
331 FOR ${i} IN RANGE ${5}
332 ${dict}= Execute Process Multi Keyword ${5}
333 ... Get Certificate Signed By VMI ${OPENBMC_USERNAME} ${OPENBMC_PASSWORD} ${True} ${True} ${HTTP_OK}
334 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
335 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
336 Dictionary Should Not Contain Value ${dict} False
337 ... msg=One or more operations has failed.
338 END
339
340Send Concurrent CSR Request From Non Admin Users And Verify
341 [Documentation] Send concurrent csr request from non admin users
342 ... and verify gets error.
343 [Tags] Send_Concurrent_CSR_Request_From_Non_Admin_Users_And_Verify
344
345 FOR ${i} IN RANGE ${5}
346 ${dict}= Execute Process Multi Keyword ${5}
347 ... Get Certificate Signed By VMI operator_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
348 ... Get Certificate Signed By VMI readonly_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
349 ... Get Certificate Signed By VMI noaccess_user TestPwd123 ${True} ${True} ${HTTP_FORBIDDEN}
350 Dictionary Should Not Contain Value ${dict} False
351 ... msg=One or more operations has failed.
352 END
353
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]354*** Keywords ***
355
356Generate CSR String
357 [Documentation] Generate a csr string.
358
359 # Note: Generates and returns csr string.
shrsuman1235fc20cb2021-02-02 04:55:47 -0600[diff] [blame]360 ${csr_gen_time} = Get Current Date Time
361 ${CSR_FILE}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.csr
362 ${CSR_KEY}= Catenate SEPARATOR=_ ${csr_gen_time} csr_server.key
363 Set Test Variable ${CSR_FILE}
364 Set Test Variable ${CSR_KEY}
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]365 ${ssl_cmd}= Set Variable openssl req -new -newkey rsa:2048 -nodes -keyout ${CSR_KEY} -out ${CSR_FILE}
366 ${ssl_sub}= Set Variable
367 ... -subj "/C=XY/ST=Abcd/L=Efgh/O=ABC/OU=Systems/CN=abc.com/emailAddress=xyz@xx.ABC.com"
368
369 # Run openssl command to create a new private key and use that to generate a CSR string
370 # in server.csr file.
371 ${output}= Run ${ssl_cmd} ${ssl_sub}
Prashanth Katti7ee28252020-09-17 01:55:17 -0500[diff] [blame]372 ${csr}= OperatingSystem.Get File ${CSR_FILE}
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]373
374 [Return] ${csr}
375
376
377Send CSR To VMI And Get Signed
George Keishingf9248952021-05-28 07:52:37 -0500[diff] [blame]378 [Documentation] Upload CSR to VMI and get signed.
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]379 [Arguments] ${csr} ${force_create} ${username} ${password}
380
381 # Description of argument(s):
382 # csr Certificate request from client to VMI.
383 # force_create Create a new REST session if True.
384 # username Username to create a REST session.
385 # password Password to create a REST session.
386
387 Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
388 ... Initialize OpenBMC rest_username=${username} rest_password=${password}
389
390 ${data}= Create Dictionary
391 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN}
392 ... Content-Type=application/json
393
394 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Actions/SignCSR
395
396 # For SignCSR request, we need to pass CSR string generated by openssl command.
397 ${csr_data}= Create Dictionary CsrString ${csr}
398 Set To Dictionary ${data} data ${csr_data}
399
400 ${resp}= Post Request openbmc ${cert_uri} &{data} headers=${headers}
shrsuman1235fc20cb2021-02-02 04:55:47 -0600[diff] [blame]401 Log to console ${resp.content}
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]402
403 [Return] ${resp}
404
405
406Get Root Certificate
407 [Documentation] Get root certificate from VMI.
408 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD}
409 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK}
410
411 # Description of argument(s):
412 # cert_type Type of the certificate requesting. eg. root or SignCSR.
413 # username Username to create a REST session.
414 # password Password to create a REST session.
415 # force_create Create a new REST session if True.
416 # valid_csr Uses valid CSR string in the REST request if True.
417 # This is not applicable for root certificate.
418 # valid_status_code Expected status code from REST request.
419
420 Run Keyword If "${XAUTH_TOKEN}" != "${EMPTY}" or ${force_create} == ${True}
421 ... Initialize OpenBMC rest_username=${username} rest_password=${password}
422
423 ${data}= Create Dictionary
424 ${headers}= Create Dictionary X-Auth-Token=${XAUTH_TOKEN}
425 ... Content-Type=application/json
426
427 ${cert_uri}= Set Variable ${VMI_BASE_URI}Host/Certificate/root
428
429 ${resp}= Get Request openbmc ${cert_uri} &{data} headers=${headers}
430
431 Should Be Equal As Strings ${resp.status_code} ${valid_status_code}
432 Return From Keyword If ${resp.status_code} != ${HTTP_OK}
433
434 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json
435 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE
436 Should Contain ${cert["Certificate"]} END CERTIFICATE
437
438
439Get Subject
440 [Documentation] Generate a csr string.
441 [Arguments] ${file_name} ${is_csr_file}
442
443 # Description of argument(s):
444 # file_name Name of CSR or signed CERT file.
445 # is_csr_file A True value means a CSR while a False is for signed CERT file.
446
447 ${subject}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -text -noout | grep Subject:
448 ... ELSE Run openssl x509 -in ${file_name} -text -noout | grep Subject:
449
450 [Return] ${subject}
451
452
453Get Public Key
454 [Documentation] Generate a csr string.
455 [Arguments] ${file_name} ${is_csr_file}
456
457 # Description of argument(s):
458 # file_name Name of CSR or CERT file.
459 # is_csr_file A True value means a CSR while a False is for signed CERT file.
460
461 ${PublicKey}= Run Keyword If ${is_csr_file} Run openssl req -in ${file_name} -noout -pubkey
462 ... ELSE Run openssl x509 -in ${file_name} -noout -pubkey
463
464 [Return] ${PublicKey}
465
466
467Get Certificate Signed By VMI
468 [Documentation] Get signed certificate from VMI.
469 [Arguments] ${username}=${OPENBMC_USERNAME} ${password}=${OPENBMC_PASSWORD}
470 ... ${force_create}=${False} ${valid_csr}=${True} ${valid_status_code}=${HTTP_OK}
471
472 # Description of argument(s):
473 # cert_type Type of the certificate requesting. eg. root or SignCSR.
474 # username Username to create a REST session.
475 # password Password to create a REST session.
476 # force_create Create a new REST session if True.
477 # valid_csr Uses valid CSR string in the REST request if True.
478 # This is not applicable for root certificate.
479 # valid_status_code Expected status code from REST request.
480
481 Set Test Variable ${CSR} CSR
482 Set Test Variable ${CORRUPTED_CSR} CORRUPTED_CSR
483
484 ${CSR}= Generate CSR String
shrsuman1231b1c2a42020-11-02 23:02:30 -0600[diff] [blame]485 ${csr_left} ${csr_right}= Split String From Right ${CSR} == 1
486 ${CORRUPTED_CSR}= Catenate SEPARATOR= ${csr_left} \N ${csr_right}
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]487
488 # For SignCSR request, we need to pass CSR string generated by openssl command
489 ${csr_str}= Set Variable If ${valid_csr} == ${True} ${CSR} ${CORRUPTED_CSR}
490
491 ${resp}= Send CSR To VMI And Get Signed ${csr_str} ${force_create} ${username} ${password}
492
493 Should Be Equal As Strings ${resp.status_code} ${valid_status_code}
494 Return From Keyword If ${resp.status_code} != ${HTTP_OK}
495
496 ${cert}= Evaluate json.loads('''${resp.text}''', strict=False) json
497 Should Contain ${cert["Certificate"]} BEGIN CERTIFICATE
498 Should Contain ${cert["Certificate"]} END CERTIFICATE
499
500 # Now do subject and public key verification
501 ${subject_csr}= Get Subject ${CSR_FILE} True
502 ${pubKey_csr}= Get Public Key ${CSR_FILE} True
503
504 # create a crt file with certificate string
505 ${signed_cert}= Set Variable ${cert["Certificate"]}
shrsuman1235fc20cb2021-02-02 04:55:47 -0600[diff] [blame]506 ${testcert_gen_time} = Get Current Date Time
507 ${test_cert_file}= Catenate SEPARATOR=_ ${testcert_gen_time} test_certificate.cert
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]508
shrsuman1235fc20cb2021-02-02 04:55:47 -0600[diff] [blame]509 Create File ${test_cert_file} ${signed_cert}
510 ${subject_signed_csr}= Get Subject ${test_cert_file} False
511 ${pubKey_signed_csr}= Get Public Key ${test_cert_file} False
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]512
513 Should be equal as strings ${subject_signed_csr} ${subject_csr}
514 Should be equal as strings ${pubKey_signed_csr} ${pubKey_csr}
515
516
517Suite Setup Execution
518 [Documentation] Suite setup execution.
519
shrsuman1235fc20cb2021-02-02 04:55:47 -0600[diff] [blame]520 Remove Files *.csr *.key *.cert
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]521 # Create different user accounts.
522 Redfish.Login
shrsuman1235fc20cb2021-02-02 04:55:47 -0600[diff] [blame]523 Redfish Power On
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]524 Create Users With Different Roles users=${USERS} force=${True}
525
526
527Suite Teardown Execution
528 [Documentation] Suite teardown execution.
529
shrsuman1235fc20cb2021-02-02 04:55:47 -0600[diff] [blame]530 Remove Files *.csr *.key *.cert
manashsarmab7af8172020-07-16 05:05:44 -0500[diff] [blame]531 Delete BMC Users Via Redfish users=${USERS}
532 Delete All Sessions
533 Redfish.Logout